[PATCH aurweb 1/2] Source valid ssh prefixes from config
--- I'm not versed in PHP and this hasn't been tested. web/lib/acctfuncs.inc.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index efc08331..0d021f99 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -875,11 +875,7 @@ function valid_pgp_fingerprint($fingerprint) { * @return bool True if the SSH public key is valid, otherwise false */ function valid_ssh_pubkey($pubkey) { - $valid_prefixes = array( - "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256", - "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519", - "sk-ssh-ecdsa@openssh.com", "sk-ssh-ed25519@openssh.com" - ); + $valid_prefixes = explode(' ', config_get('auth', 'valid-keytypes')); $has_valid_prefix = false; foreach ($valid_prefixes as $prefix) { -- 2.32.0
--- conf/config.defaults | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.defaults b/conf/config.defaults index 98e033b7..e6961520 100644 --- a/conf/config.defaults +++ b/conf/config.defaults @@ -62,7 +62,7 @@ ECDSA = SHA256:L71Q91yHwmHPYYkJMDgj0xmUuw16qFOhJbBr1mzsiOI RSA = SHA256:Ju+yWiMb/2O+gKQ9RJCDqvRg7l+Q95KFAeqM5sr6l2s [auth] -valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 +valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ssh-ecdsa@openssh.com sk-ssh-ed25519@openssh.com username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$ git-serve-cmd = /usr/local/bin/aurweb-git-serve ssh-options = restrict -- 2.32.0
On 6/10/21 2:35 PM, Steven Guikal via aur-dev wrote:
--- conf/config.defaults | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/config.defaults b/conf/config.defaults index 98e033b7..e6961520 100644 --- a/conf/config.defaults +++ b/conf/config.defaults @@ -62,7 +62,7 @@ ECDSA = SHA256:L71Q91yHwmHPYYkJMDgj0xmUuw16qFOhJbBr1mzsiOI RSA = SHA256:Ju+yWiMb/2O+gKQ9RJCDqvRg7l+Q95KFAeqM5sr6l2s
[auth] -valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 +valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ssh-ecdsa@openssh.com sk-ssh-ed25519@openssh.com
Thanks, this seems like a very reasonable change. :) To gitlab.archlinux.org:archlinux/aurweb.git a625df07..b32022a1 b32022a176ede116068a405c928cf25e23ffb691 -> master
username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$ git-serve-cmd = /usr/local/bin/aurweb-git-serve ssh-options = restrict
-- Eli Schwartz Bug Wrangler and Trusted User
participants (2)
-
Eli Schwartz
-
Steven Guikal